Systems and methods of managing fraudulent devices are provided. The system detects a request for a connection to communicatively couple a technician computing device with a receiver computing device. The system identifies connection data for the connection. The system requests, based on the connection data, a plurality of account values. Each of the plurality of account values is associated with an account that the technician computing device used to establish the connection. The system generates a score indicating a fraudulent level of the account based on the plurality of account values. The system terminates, responsive to a comparison of the score with a fraud threshold, the connection. The system transmits, to a ticketing system, a support ticket generated responsive to the comparison of the score with the fraud threshold.
Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method of managing fraudulent devices, comprising: detecting, by a control system comprising a processor and memory that is intermediary to one or more computing devices and one or more servers that provide a plurality of cloud services, a request for a connection to communicatively couple a technician computing device with a receiver computing device via a cloud service of the plurality of cloud services provided by the one or more servers; identifying, by the control system via a data stream, connection data for the connection between the technician computing device and the receiver computing device via the cloud service; requesting, by the control system based on the connection data, a plurality of account values, each of the plurality of account values associated with an account for the cloud service that the technician computing device used to establish the connection with the receiver computing device via the cloud service; providing, by the control system, input based on the plurality of account values to a classification model trained based on training data associated with a plurality of connections between a plurality of receiving computing devices and a plurality of technician computing devices via the plurality of cloud services, to generate a score indicating a fraudulent level of the account; terminating, responsive to a comparison of the score with a fraud threshold, the connection; generating, by the control system, responsive to the comparison of the score with the fraud threshold, a support ticket that identifies the account as fraudulent; and transmitting, by the control system, the support ticket to a ticketing system.
Network security and fraud prevention. The invention addresses the problem of managing fraudulent devices and connections within a cloud service environment. A control system, comprising a processor and memory and positioned between computing devices and servers offering cloud services, monitors connection requests. When a technician computing device seeks to connect with a receiver computing device through a cloud service, the control system detects this request. It then identifies connection data for this specific link via a data stream. Based on this connection data, the control system requests multiple account values linked to the account used by the technician device to establish the connection. This account information is fed as input to a classification model. This model has been pre-trained on data from numerous prior connections involving various receiver and technician devices across multiple cloud services. The classification model generates a score indicating the likelihood of the account being fraudulent. The control system compares this score against a predefined fraud threshold. If the score exceeds the threshold, the connection is terminated. Additionally, a support ticket is generated, identifying the account as fraudulent, and this ticket is transmitted to a ticketing system for further action.
2. The method of claim 1 , further comprising: identifying, by the control system, network traffic that comprises a domain name service request from the technician computing device to determine that the connection is established.
A system and method for managing network connections in a technical support environment involves monitoring and controlling network traffic between a technician's computing device and a customer's network. The system detects when a technician initiates a remote support session by identifying network traffic that includes a domain name service (DNS) request from the technician's device. This DNS request indicates that the technician is attempting to establish a connection to the customer's network. The system then verifies the connection by analyzing the DNS request and other network traffic patterns to confirm that the session is legitimate and authorized. Once the connection is established, the system may further monitor the session to ensure compliance with security policies, such as restricting access to specific network resources or logging all activities for audit purposes. The method ensures that only authorized technicians can access the customer's network and that all connections are properly authenticated and monitored. This approach enhances security by preventing unauthorized access while maintaining the ability to provide remote technical support efficiently.
3. The method of claim 1 , wherein the connection data comprises at least one of: an IP address of technician computing device logging into the account, an IP address during creation of the account, a first timestamp when the technician computing device logs into the account, and a second timestamp when the technician computing device creates the account.
This invention relates to tracking and verifying technician access to accounts within a computing system. The problem addressed is the need to authenticate and monitor technician activities to ensure security and accountability. The method involves collecting and analyzing connection data associated with technician computing devices when they access or create accounts. The connection data includes at least one of the following: the IP address of the technician's device when logging into an account, the IP address recorded during account creation, a timestamp indicating when the technician logs into the account, and a timestamp indicating when the technician creates the account. This data is used to verify the legitimacy of access and detect unauthorized or suspicious activities. The system may also compare the collected connection data against stored records to identify inconsistencies or anomalies, such as mismatched IP addresses or unusual timing patterns. By tracking these details, the method enhances security by providing a verifiable audit trail of technician interactions with accounts, helping to prevent fraudulent access and ensuring compliance with security protocols. The approach is particularly useful in environments where technicians manage multiple accounts or systems, requiring robust authentication and monitoring mechanisms.
4. The method of claim 3 , further comprising: generating, by the control system, the score indicating the fraudulent level of the account based on at least one of the first timestamp or the second timestamp.
A system and method for fraud detection in digital accounts analyzes transaction data to assess fraudulent activity. The system monitors account transactions, including login attempts and financial transactions, and records timestamps for these events. A control system processes this data to detect anomalies, such as unusual timing patterns or discrepancies between login and transaction timestamps. The system generates a fraud score based on these timestamps, indicating the likelihood of fraudulent activity. The score is derived from deviations in expected behavior, such as rapid successive logins from different locations or transactions occurring shortly after login attempts. The system may also compare timestamps against historical data or predefined thresholds to identify suspicious patterns. By evaluating temporal inconsistencies, the system enhances fraud detection accuracy, reducing false positives and improving security for digital accounts. The method integrates with existing fraud detection frameworks, providing an additional layer of analysis to mitigate risks associated with unauthorized access or fraudulent transactions.
5. The method of claim 1 , wherein the connection data further comprises an identifier of a particular cloud service of the plurality of cloud services, the particular cloud service being an instance of software executing on the one or more servers.
This invention relates to cloud service management, specifically tracking and managing connections between cloud services. The problem addressed is the lack of visibility and control over inter-service communication in cloud environments, which can lead to inefficiencies, security risks, and operational challenges. The invention provides a method for monitoring and managing connections between multiple cloud services. It involves collecting connection data that includes details about the communication between these services. A key aspect is the inclusion of an identifier for a specific cloud service involved in the connection. This identifier uniquely distinguishes the service, which is an instance of software running on one or more servers. The method allows for tracking which cloud services are interacting, enabling better resource allocation, security monitoring, and troubleshooting. The connection data may also include other details such as timestamps, data transfer volumes, or service roles, providing a comprehensive view of inter-service communication. By identifying specific cloud services, the system can enforce policies, detect anomalies, and optimize performance. This approach improves transparency and control in distributed cloud environments, addressing the challenges of managing dynamic and interconnected cloud services.
6. The method of claim 1 , wherein the plurality of account values comprise billing information associated with the technician computing device, the method further comprising: generating, by the control system using a matrix having a plurality of individual scores indicating a respective fraudulent level of the account, the score indicating the fraudulent level of the account based on the billing information associated with the account.
This invention relates to fraud detection in technician computing devices, particularly for identifying fraudulent accounts based on billing information. The method involves analyzing billing data associated with technician computing devices to assess fraud risk. A control system generates a fraud score for each account using a matrix of individual scores, where each score reflects the fraudulent level of the account. The fraud score is derived from billing information linked to the account, such as transaction patterns, payment discrepancies, or other financial anomalies. The system evaluates these factors to determine the likelihood of fraudulent activity. By processing billing data through a scoring matrix, the method provides a quantitative measure of fraud risk, enabling automated detection and mitigation of suspicious accounts. The approach enhances security by leveraging billing information as a key indicator of fraudulent behavior, improving the accuracy and efficiency of fraud detection in technician computing environments.
7. The method of claim 1 , wherein the plurality of account values comprise a geographic location of the technician computing device, the method further comprising: generating, by the control system using a matrix having a plurality of individual scores indicating a respective fraudulent level of the account, the score indicating the fraudulent level of the account based on the geographic location of the technician computing device.
This invention relates to fraud detection in technical support systems, specifically for identifying potentially fraudulent activity based on the geographic location of a technician's computing device. The system monitors account values associated with technicians, including their device location, to assess fraud risk. A control system generates a fraud score for each account using a matrix of individual scores, where each score reflects the fraudulent level of the account. The geographic location of the technician's device is a key factor in determining this score, helping to detect anomalies such as unauthorized access or impersonation. The system dynamically evaluates these location-based indicators to enhance fraud detection accuracy. This approach improves security by flagging suspicious activity based on real-time location data, reducing the risk of fraudulent support interactions. The method integrates location analysis into a broader fraud assessment framework, ensuring comprehensive risk evaluation. The invention is particularly useful in environments where remote technical support is provided, ensuring that technicians' activities align with expected geographic patterns. By incorporating location data into fraud scoring, the system provides an additional layer of verification to prevent unauthorized access and fraudulent transactions.
8. The method of claim 1 , wherein the plurality of account values comprise a plurality of session types associated with the technician computing device, each of the plurality of session types configured to allow the technician computing device to use the account to establish a session to a respective one of the plurality of cloud services via the connection.
This invention relates to a system for managing technician access to multiple cloud services through a single account. The problem addressed is the complexity and inefficiency of requiring technicians to manage separate credentials or sessions for different cloud services, which increases security risks and operational overhead. The invention provides a method where a technician computing device uses a single account to establish secure sessions with multiple cloud services. The account includes a plurality of account values, each associated with a different session type. Each session type is configured to enable the technician computing device to connect to a respective cloud service via a secure connection. The session types may include different authentication protocols, encryption methods, or access permissions tailored to the specific cloud service. This allows technicians to seamlessly switch between services without re-authenticating or managing multiple credentials, improving efficiency and reducing security vulnerabilities. The system ensures that each session is properly authorized and encrypted, maintaining secure access across diverse cloud environments.
9. The method of claim 8 , further comprising: generating, by the control system using a matrix having a plurality of individual scores indicating a respective fraudulent level of the account, the score indicating the fraudulent level of the account based on determining that a number of sessions in each session type exceeds a predefined number threshold.
This invention relates to fraud detection in financial or digital account systems. The problem addressed is identifying potentially fraudulent accounts by analyzing session activity patterns. The method involves monitoring account sessions, categorizing them into different session types, and tracking the frequency of each type. A control system evaluates whether the number of sessions in any session type exceeds a predefined threshold, which would indicate suspicious activity. The system then generates a fraud score for the account based on these session counts, where higher scores correspond to higher fraud risk. This score is part of a matrix that aggregates multiple fraud indicators to assess the overall risk level of the account. The approach helps detect anomalies in user behavior that may signal unauthorized access or fraudulent transactions. The system can integrate this score with other fraud detection mechanisms to improve accuracy and reduce false positives. The method is particularly useful for financial institutions, online platforms, or any system requiring secure account management.
10. The method of claim 1 , further comprising: generating, by the control system using a matrix having a plurality of individual scores indicating a respective fraudulent level of the account, the score indicating the fraudulent level of the account based on detecting that a graphical user interface and/or a name of at least one of the plurality of cloud services has been modified.
This invention relates to fraud detection in cloud computing environments, specifically identifying fraudulent activity by analyzing modifications to graphical user interfaces (GUIs) and service names within cloud services. The method involves monitoring cloud service accounts for unauthorized or suspicious changes, such as alterations to GUIs or service names, which may indicate fraudulent behavior. A control system generates a fraud score for each account by evaluating these modifications, where higher scores correlate with higher fraud risk. The system uses a matrix of individual scores to assess the fraudulent level of an account, with each score representing the likelihood of fraud based on detected modifications. This approach helps detect potential fraud early by flagging unusual changes that could signal malicious intent, such as account takeovers or unauthorized access. The method enhances security by providing a quantitative measure of fraud risk, enabling proactive measures to mitigate threats. The invention is particularly useful in environments where cloud services are frequently accessed and modified, requiring robust fraud detection mechanisms to protect sensitive data and resources.
11. A system to manage fraudulent devices, comprising: a control system, intermediary to one or more computing devices and one or more servers that provide a plurality of cloud services, and comprising one or more processors and memory, the control system configured to: detect a request for a connection to communicatively couple a technician computing device with a receiver computing device via a cloud service of the plurality of cloud services provided by the one or more servers; identify, via a data stream, connection data for the connection between the technician computing device and the receiver computing device via the cloud service; request, based on the connection data, a plurality of account values, each of the plurality of account values associated with an account for the cloud service that the technician computing device used to establish the connection with the receiver computing device via the cloud service; provide input based on the plurality of account values to a classification model trained based on training data associated with a plurality of connections between a plurality of receiving computing devices and a plurality of technician computing devices via the plurality of cloud services, to generate a score indicating a fraudulent level of the account; terminate, responsive to a comparison of the score with a fraud threshold, the connection; generate, responsive to the comparison of the score with the fraud threshold, a support ticket that identifies the account as fraudulent; and transmit the support ticket to a ticketing system.
This system addresses fraud detection in cloud-based remote support services, where malicious actors may use compromised or fake accounts to establish unauthorized connections between technician and receiver devices. The system operates as an intermediary between computing devices and cloud service providers, monitoring connection requests and analyzing account behavior to identify fraudulent activity. When a connection request is detected, the system extracts connection data and retrieves account values associated with the technician's account. These values are input into a pre-trained classification model, which evaluates the account's legitimacy based on historical connection patterns. If the model's fraud score exceeds a predefined threshold, the system terminates the connection and generates a support ticket flagging the account as fraudulent, which is then sent to a ticketing system for further action. The classification model is trained on data from legitimate and fraudulent connections across multiple cloud services, enabling accurate fraud detection. This approach enhances security by proactively blocking suspicious connections and automating fraud reporting.
12. The system of claim 11 , wherein the control system is further configured to identify network traffic that comprises a domain name service request from the technician computing device to determine that the connection is established.
A system for managing network connections in a technical support environment monitors and controls communication between technician computing devices and a central support system. The system detects and verifies the establishment of network connections by identifying domain name service (DNS) requests originating from technician devices. This verification ensures that the technician is properly connected to the support system before any further actions are taken. The system may also include a control module that manages the technician's access to the network, ensuring secure and authorized communication. Additionally, the system may track the technician's activities and log connection details for auditing and troubleshooting purposes. The solution addresses the challenge of reliably establishing and verifying network connections in technical support scenarios, where secure and authenticated communication is critical. By monitoring DNS requests, the system can confirm that the technician's device is actively connected to the support infrastructure, reducing the risk of unauthorized access or communication failures. The system may also include features for restricting access based on predefined policies, ensuring that only authorized technicians can establish connections. Overall, the system provides a robust framework for managing network connections in technical support environments, enhancing security and operational efficiency.
13. The system of claim 11 , wherein the connection data comprises at least one of: an IP address of technician computing device logging into the account, an IP address during creation of the account, a first timestamp when the technician computing device logs into the account, and a second timestamp when the technician computing device creates the account.
This invention relates to a system for tracking and verifying technician access to user accounts in a computing environment. The system addresses the problem of unauthorized access and fraudulent activities by technicians who may misuse their privileges to create or log into user accounts. The system collects and stores connection data associated with technician activities, including details such as the IP addresses used during account creation and login, as well as timestamps for these events. This data helps in auditing and verifying the legitimacy of technician actions, ensuring accountability and security. The system may also include a database for storing this connection data and a processor for analyzing it to detect suspicious patterns or unauthorized access attempts. By maintaining a record of technician interactions with user accounts, the system enhances security and reduces the risk of fraudulent activities. The invention is particularly useful in environments where technicians have elevated access privileges, such as IT support, cloud services, or managed service providers.
14. The system of claim 13 , wherein the control system is further configured to generate the score indicating the fraudulent level of the account based on at least one of the first timestamp or the second timestamp.
A fraud detection system analyzes transaction data to assess the risk level of a financial account. The system monitors transactions involving the account, including a first transaction with a first timestamp and a second transaction with a second timestamp. The control system evaluates these timestamps to detect anomalies, such as unusually rapid or irregular transaction patterns, which may indicate fraudulent activity. The system generates a fraud score based on the timestamps, where deviations from expected timing patterns contribute to a higher fraud risk assessment. This score helps determine whether the account is likely compromised or engaged in suspicious behavior. The system may also compare the timestamps against historical transaction data or predefined thresholds to refine the fraud score. By leveraging temporal analysis, the system enhances fraud detection accuracy, reducing false positives and improving security for financial transactions.
15. The system of claim 11 , wherein the connection data further comprises an identifier of a particular cloud service of the plurality of cloud services, the particular cloud service being an instance of software executing on the one or more servers.
This invention relates to a system for managing connections between client devices and cloud services. The problem addressed is the need to efficiently route and authenticate client requests to specific cloud service instances running on distributed servers. The system includes a connection manager that processes connection data to establish secure and optimized communication paths between clients and cloud services. The connection data includes an identifier for a particular cloud service, which is an executable software instance running on one or more servers. This identifier ensures that client requests are directed to the correct service instance, enabling proper authentication, load balancing, and service discovery. The system may also include a client interface for initiating connections and a server interface for managing service instances. The connection manager dynamically updates routing information based on service availability and performance metrics, ensuring reliable and efficient service access. This approach improves scalability and reduces latency in distributed cloud environments by precisely targeting the intended service instance.
16. The system of claim 11 , wherein the plurality of account values comprise billing information associated with the technician computing device, and wherein the control system is further configured to use a matrix having a plurality of individual scores indicating a respective fraudulent level of the account to generate the score indicating the fraudulent level of the account based on the billing information associated with the account.
This invention relates to fraud detection in technical support or service systems, specifically for identifying potentially fraudulent accounts based on billing information. The system monitors technician computing devices and analyzes account data to assess fraud risk. A control system evaluates multiple account values, including billing details, to determine a fraud score. The system uses a scoring matrix where each account has an individual fraud score derived from its billing information. The matrix aggregates these scores to generate an overall fraud risk assessment for the account. This helps identify suspicious billing patterns or anomalies that may indicate fraudulent activity. The system may also compare account behavior against historical or expected norms to further refine fraud detection. The goal is to enhance security by automatically flagging high-risk accounts for review or intervention, reducing financial losses from fraudulent transactions. The invention is particularly useful in industries where remote technical support or service interactions are common, such as IT support, telecommunications, or field service management.
17. The system of claim 11 , wherein the plurality of account values comprise a geographic location of the technician computing device, and wherein the control system is further configured to use a matrix having a plurality of individual scores indicating a respective fraudulent level of the account to generate the score indicating the fraudulent level of the account based on the geographic location of the technician computing device.
This invention relates to fraud detection in technical support systems, specifically for identifying potentially fraudulent activity based on technician computing device data. The system monitors account values associated with technician devices, including geographic location, to assess fraud risk. A control system evaluates these values using a scoring matrix that assigns individual scores to different account attributes, including location, to generate an overall fraud risk score. The matrix allows for weighted contributions from multiple factors, enabling dynamic risk assessment. The system helps prevent unauthorized access or fraudulent transactions by flagging high-risk accounts based on location and other account data. The invention improves security in technical support environments by leveraging real-time device information to detect anomalies indicative of fraud. The scoring mechanism provides a scalable and adaptable approach to fraud detection, allowing for adjustments based on evolving threat patterns. This solution addresses the challenge of identifying fraudulent activity in distributed technical support networks where device location and other account attributes can signal potential security risks.
18. The system of claim 11 , wherein the plurality of account values comprise a plurality of session types associated with the technician computing device, each of the plurality of session types configured to allow the technician computing device to use the account to establish a session to a respective one of the plurality of cloud services via the connection.
This invention relates to a system for managing technician access to multiple cloud services through a single account. The problem addressed is the complexity and inefficiency of technicians needing separate credentials or accounts for each cloud service they must access, which increases security risks and administrative overhead. The system provides a unified account that can establish sessions with different cloud services, reducing the need for multiple logins and improving security by centralizing access control. The system includes a technician computing device that uses the unified account to connect to a plurality of cloud services via a network connection. The account values associated with the technician device include multiple session types, each configured to enable the device to establish a session with a specific cloud service. This allows the technician to switch between different cloud services seamlessly without requiring separate authentication for each service. The system may also include a server that manages the account and enforces access policies, ensuring that only authorized technicians can establish sessions with the appropriate cloud services. The session types may be predefined based on the technician's role or the specific cloud services they need to access, further streamlining the process. This approach enhances efficiency, reduces credential management burdens, and improves security by consolidating access control under a single account framework.
19. The system of claim 18 , wherein the control system is further configured to use a matrix having a plurality of individual scores indicating a respective fraudulent level of the account to generate the score indicating the fraudulent level of the account based on determining that a number of sessions in each session type exceeds a predefined number threshold.
The system is designed for fraud detection in financial or digital accounts by analyzing session activity patterns. The problem addressed is the need to accurately identify fraudulent accounts by evaluating their behavior across different session types, such as login attempts, transactions, or access patterns. The system uses a control system that assesses account activity by comparing the number of sessions in each session type against predefined thresholds. If the number of sessions in any session type exceeds the threshold, the system generates a fraud score for the account. This score is derived from a matrix of individual scores, each representing the fraudulent level of the account based on the session type's activity. The matrix allows for a weighted or aggregated assessment of fraud risk, improving detection accuracy. The system dynamically adjusts fraud detection by incorporating session-based thresholds, reducing false positives and enhancing security. The solution is particularly useful for financial institutions, online platforms, or any system requiring real-time fraud monitoring.
20. The system of claim 11 , wherein the control system is further configured to use a matrix having a plurality of individual scores indicating a respective fraudulent level of the account to generate the score indicating the fraudulent level of the account based on detecting that a graphical user interface and/or a name of at least one of the plurality of cloud services has been modified.
This invention relates to fraud detection in cloud computing environments. The system monitors cloud service accounts to identify potential fraudulent activity by analyzing modifications to graphical user interfaces (GUIs) or service names. The control system generates a fraud score for each account by evaluating a matrix of individual scores, where each score reflects the fraudulent level of the account based on detected changes. The system compares these scores to determine the overall fraud risk of the account. The matrix may include multiple factors, such as the frequency, nature, or context of the modifications, to assess whether the changes indicate malicious intent. By detecting unauthorized or suspicious alterations to cloud service interfaces or naming conventions, the system helps prevent fraudulent access or misuse of cloud resources. The invention improves security by providing a quantitative measure of fraud risk, enabling automated or manual intervention when high-risk modifications are detected. The system integrates with existing cloud infrastructure to monitor and analyze account behavior in real time, reducing the likelihood of undetected fraudulent activity.
Cooperative Patent Classification codes for this invention. Click any code to explore related patents in that topic.
April 2, 2019
March 22, 2022
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.